The legal landscape is now littered with parties--and their attorneys--who have been sanctioned by courts for electronic data discovery failures. Most of the litigation dealing with the loss of digital information addresses the failure of a party to preserve and collect the data after it was under a legal obligation to do so. The scope of that legal obligation is still not fully understood by many attorneys and their clients: it includes electronically stored information (ESI) held by third parties in many circumstances. Which circumstances? Consider the following scenarios.
Scenario 1: A global chemical and cleaning products company has some products manufactured by third-party suppliers. Some data concerning product formulation, manufacturing processes and quality control, testing and compliance resides with those contractors.
Scenario 2: An automotive manufacturer has significant CAE and CAD work done for a new vehicle program by a joint venture partner in India. The data and other software iterations used in the product development process reside with the joint venture partner in India.
Scenario 3: A national trucking transportation company has some of its tractor and trailer mechanical maintenance requirements performed by a wholly-owned subsidiary that specializes in such activity. Some data concerning the Department of Transportation required inspections, repairs, and maintenance resides with the subsidiary.
Scenario 4: An American consumer products company markets and distributes its products throughout the United States and Canada. Product manufacturing is performed in China by a number of suppliers, to the American company's specifications. Data concerning manufacturing, quality control and inspection processes and second-tier suppliers and purchased components resides with the various Chinese suppliers.
These are real-world situations, and the variations are endless. It is a business reality that most organizations use numerous third parties to help achieve their operational goals. As a result, there is likely to be relevant client business information in the possession of those other entities. These realities are obvious.
What is not so obvious is that information in the hands of those third parties is likely to be deemed within the "possession, custody or control" of the client organization under applicable discovery law. If so, a host of legal obligations attach, which can be especially challenging where electronically stored information is involved and where independent third parties and international cross-border relationships are involved.
Scope of the duty: what is "possession, custody or control"?
Federal Rule 34 (and its state rule counterparts including MCR 2.310) governs the production of documents and electronically stored information in civil discovery. The rule permits a party to serve on any other party a request for the production of documents and electronically stored information within that party's "possession, custody or control." The scope of a party's obligation is clearly broader than information in its "possession," but the rule raises the question of what is within a party's "control" for purposes of Rule 34. The answer to that question has profound implications because it also governs the scope of a party's duty to preserve (e.g., through litigation hold procedures), a party's duty to search for potentially responsive information, and a party's duty to collect and produce information.
Although the rule itself does not define when a party has "control" of documents or electronically stored information, the case law has filled in the gaps. Federal courts have consistently held that documents and electronically stored information may be in the "control" of a party for purposes of Rule 34 even when the documents and the information are in the physical possession of another entity that is not a party. In other words, "control" does not require that a party have actual physical possession or even legal ownership of the documents or ESI at issue. "Control" has been construed broadly by the courts as "the legal right, authority, or practical ability to obtain the materials sought on demand."
See In re Bankers Trust Co, 61 F.3d 465 (6th Cir. 1995); Flagg v. City of Detroit, 2008 WL 3895470 (E.D. Mich. 2008); Columbia Pictures Ind. v. Bunnell, 2007 US Dist LEXIS 46364 (C.D. Cal. 2007); In re NTL Inc. Securities Litigation, 2007 US Dist LEXIS 6198 (S.D. N.Y. 2007); Cache La Poudre Feeds, LLC v. Land O' Lakes, Inc., 2007 US Dist LEXIS 15277 (D. Colo. 2007); Steele Software Systems v. Dataquick Information Systems, 2006 US Dist LEXIS 74987 (D. Md. 2006)
The standard is really "practical control," which is not susceptible to easy brightline determinations by in-house or outside counsel trying to decide how far their obligations extend. The reality is that the "practical control" test is a fact-bound and context-specific determination, and is not a simple bright-line rule. Thus, the issue tends to require case-by-case analysis by knowledgeable counsel familiar with the law in this area, the details of the relationship between the client and a third party, and the specific nature of the information held by a third party.
Common third party "control" situations
Based on experience and a review of the cases concerning the meaning of "control" for purposes of Rule 34, there are three frequent scenarios that your organization is most apt to encounter:
1. Information in the possession of legally related third parties
2. Information in the possession of independent third parties
3. Information in the possession of former employees
Information in the possession of legally related third parties
Steele Software Systems v. Dataquick Information Systems, 2006 US Dist LEXIS 74987 (D. Md. 2006), concerned whether, and to what extent, the reach of Rule 34 extends to data in the physical possession of a party's non-party corporate affiliates. Steele argued that it was not obliged to produce documents not in its own possession, but that were in the physical possession of non-party corporate affiliates. Steele's argument was two-fold: (1) the related entities were not "parties" and so Rule 34 did not apply, and (2) the information in the possession of the non-parties was not within Steele's "control" under Rule 34.
The Steele court recognized that information in the possession of a non-party is not automatically subject to discovery simply because the non-party has a corporate relationship to a party in the litigation. However, the court rejected Steele's threshold "non-party" argument, relying on well established case law ordering production of information in the possession of related non-parties and holding that "[t]he specific form of the corporate relative involved does not matter, i.e., whether it is a parent, sister, or subsidiary corporation. Courts are able to disregard corporate form" where appropriate.
The Steele court next turned to the "control" issue, observing that case law provides for several relevant factors in making the determination whether a party is deemed to have "control" over information in the possession of related nonparties: (1) the corporate structure of the party or non-party, (2) the non-party's connection to the transaction at issue in the litigation, (3) whether the related party and non-party entities exchange information in the ordinary course of business, (4) the degree to which the non-party will benefit from the outcome of the litigation, and (5) whether the non-party has participated in the litigation. Concerning the first factor, the focus is on common relationships between a party and its related non-party entity. Critical factors include the ownership of the nonparty, overlap of directors, officers, and employees, shared management, and the financial relationship between the two entities. The Steele court applied the aforementioned test and found that the requested information was deemed to be under the practical "control" of Steele, and ordered the information to be produced. See also Evenflo Co., Inc. v. Hantec Agents Unlimited, 2006 US Dist LEXIS 36342 (S.D. Ohio 2006).
What does this mean? Given the current legal test being applied, it is likely that responsive electronically stored information in the possession of your organization's non-party corporate affiliates (e.g., parent, sister, subsidiary) may be found to be under your organization's "control" in many situations. To the extent that your organization does not include consideration of non-party corporate affiliates in its ESI preservation, search, and collection process, it does so at its peril.
Information in the possession of independent third parties
Columbia Pictures Ind. v. Bunnell, 2007 US Dist LEXIS 46364 (C.D. Cal. 2007), concerned whether the reach of Rule 34 extends to data in the possession of an independent third party under the "control" prong of the Rule. In that case the data at issue was routed to a third party entity under contract to the defendant, and stored by the third party. The court found that the data was within the defendant's "control" by virtue of the defendants' choice about where the data resided (i.e., the ability to manipulate at will how the data was routed) and by virtue of defendant's contractual relationship with the third party entity. The court observed that courts have long held that one aspect of "control" is "the legal right to obtain documents on demand" and a contractual relationship with the third party obliged the defendant to, at a minimum, make reasonable inquiry of the third party entity for the data at issue. See also Tomlinson v. El Paso Corp., 245 F.R.D. 474 (D. Colo. 2007); A. Farber and Partners, Inc. v. Garber, 234 F.R.D 186 (C.D. Cal . 2006).
Flagg v. City of Detroit, 2008 WL 3895470 (E.D. Mich. 2008), concerned whether the City of Detroit was required to produce, or consent to allow a third party to produce, electronic text messages in the possession of non-party SkyTel. The court observed that "a party has an obligation under Rule 34 to produce materials within its control, and this obligation carries with it the attendant duty to take the steps necessary to exercise this control and retrieve the requested documents." Noting that the Sixth Circuit has held that documents are deemed to be within the "control" of a party if it "has the legal right to obtain the documents on demand," the court found that the City of Detroit had the "legal right to obtain" the messages in the possession of non-party service provider SkyTel and hence the messages were within the City's "control" within the meaning of Rule 34. The
City was ordered to obtain the text messages from SkyTel and produce them to plaintiff. While the case did not concern the issue of data preservation, it stands to reason that if a party has an "attendant duty" to take steps necessary to retrieve documents deemed to be within its control, it also has an "attendant duty" to take the steps necessary to exercise its control and preserve the information that it knows, or should have known, may be relevant. You can expect the reasoning of the Flagg case to be applied in the preservation context.
What does this mean? Given the current legal test being applied, it is likely that responsive ESI in the possession of an independent third party with whom your organization has a contractual business relationship (e.g., joint venturer, supplier, contractor, dealer) may be found to be under your organization's "control" in some situations. To the extent that your organization does not include consideration of such third parties in its ESI preservation, search, and collection process, it does so at its peril.
Information in the possession of former employees
Cache La Poudre Feeds, LLC v. Land O' Lakes, Inc., 2007 US Dist LEXIS 15277 (D. Colo. 2007), raised the issue of whether, and to what extent, a party may be obliged to contact former employees who the party had reason to believe possessed responsive information, under the "control" prong of Rule 34. The court recognized that "[u]nder some circumstances, a court could determine that an employer has control over documents maintained by a former employee," for example, suggesting that an employer may have "control" over information in the possession of a former employee if that individual is still receiving economic benefits from the employer.
Other courts have required an employer to contact former employees to determine whether they took responsive documents under certain circumstances. For example, Export-Import Bank of the United States v. Asia Pulp & Paper Co., Ltd., 233 F.R.D. 338 (S.D. N.Y. 2005), holds that a corporation must exhaust the practical means at its disposal to obtain relevant documents in the possession of former employees. McCoy v. Whirlpool Corp., 214 F.R.D. 637 (D. Kan. 2003), required the defendant to contact former employees to determine whether they were in possession of responsive documents. And Lintz v. Am. Gen. Fin., Inc., 1999 Dist LEXIS 12572 (D. Kan. 1999), suggests that the defendant's obligation to undertake a reasonable investigation for relevant documents included contacting former knowledgeable employees.
What does this mean? Your organization should consider whether one or more former employees (e.g., a specific manager, supervisor, or engineer) would be considered to be a "key player" who may have had, and may still have, information relevant to a particular claim at issue. The current legal test may be applied to hold that your organization still has "control" over relevant information in the possession of such former employees in some situations. To the extent that your organization does not include consideration of former employees in its preservation, search, and collection process, it does so at its peril.
The scope of a party's legal obligation to preserve, search for, and produce electronically stored information is broader than what a party has in its own "possession" or "custody." But that too narrow scope - confined to an inward look at the client organization itself - is typically assumed by most inside and outside counsel, who are obliged to ensure that all ESI within the "control" of a party is preserved, searched, and produced.
Your client organization's ESI preservation, retention, collection, and production policies and procedures must be developed - or modified if necessary - to ensure the inclusion of all ESI deemed to be within the organization's "control" even where in the actual possession of third parties. As the discovery sanctions decisions of the past several years teach, failing that means significant legal risk and sanctions exposure, for both the client organization as well as the inside and outside attorneys charged with satisfying the organization's discovery obligations.
Ronald C. Wernette is a partner with Bowman and Brooke LLP in the firm's Troy, Mich., office. In addition to his lead counsel responsibility for in-suit matters, he also advises clients on electronic discovery compliance policies and protocols. Ron can be reached at firstname.lastname@example.org.